基于中国剩余定理的Paillier加密改进方法

联邦学习（federated learning, FL）是最近几年快速兴起的一种分布式机器学习算法,可以在不交换数据的前提下保护隐私。但是在模型训练的过程中,由于一些“诚实且好奇”的客户端的参与,可能会导致隐私信息的泄露或遭受到成员推理、属性推理或恢复数据训练等攻击。因此,对于联邦学习中隐私保护技术的研究已经成为新的热点。在现阶段的研究中,常采用同态加密（homomorphic encryption, HE）技术进行隐私保护,而Paillier同态是最常用的加密算法之一。为了使得加密算法更高效,利用中国剩余定理（Chinese remainder theorem, CRT）对Paillier同态加密算法的计算过程进行优化,并与未优化的Paillier加密算法进行对比实验。实验结果表明,优化后的加密算法在联邦学习中,既提升了其隐私性能,也提高了同态加密计算的效。     

一种基于整数多项式环上的非对称全同态加密方案

大数据时代下用户数据的隐私安全面临着重大威胁。全同态加密因其满足云计算安全性需求的特性日益受到重视,所以同态加密算法成为保护云端数据的一种有效手段。基于整数多项式环构建了一种非对称的全同态加密方案,其中,包括密钥生成算法、加密算法、解密算法、重加密算法、解密正确性证明以及同态性证明。该方案运行一次KeyGen算法生成一次参数,即可以对批量的明文进行加密运算,也可以对批量的密文进行同态运算,加密效率和同态计算效率高,且该方案的安全性基于近似最大公约数问题。     

Contourlet-SIFT特征匹配算法

基于局部特征的匹配算法中SIFT(Scale Invariant Feature Transform)算法性能好,应用广泛,但其描述子的维度高、匹配耗时大,对局部相似区域的匹配鲁棒性差.为此,该文提出一种Contourlet-SIFT特征匹配算法.在尺度空间下提取旋转不变特征,对特征及其邻域进行 Contourlet 变换,由各方向子带分解系数的均值和标准差构建全局纹理描述向量,根据向量间欧氏距离的大小进行特征点排序,选取距离较小的前1%的特征再进行 SIFT最近邻比值匹配.实验结果表明该算法对亮度差异大、相似区域多的图像的匹配性能优于SIFT,在保证尺度、旋转、视角等不变性与SIFT相当的同时,匹配速度大为提升.     

基于密文操作的云平台数据保护技术研究

针对目前的加密算法无法解决云存储平台中数据的实用性与安全性的平衡问题,提出了可识别权限的整数同态加密(HEIP)算法并对方案的安全性、时间复杂度和算法效率进行了分析。然后在整数同态加密方案的基础上,同时结合实际的云存储应用场景设计了二级代理的同态加密云存储系统,并给出了关键模块的实现方法。最后通过实验证明了云存储平台的有效性、两级解密架构的安全性以及同态计算模式的正确性。     

基于用户偏好的异构网络选择算法研究

针对当前大多数网络选择算法没有充分考虑用户基于业务的网络偏好这一问题,提出了一种基于用户偏好的异构网络选择算法。该算法充分考虑业务需求、用户偏好及网络性能差异,通过层次分析法和距离分析法分别计算用户对各候选网络的主观和客观偏好权重,根据用户策略动态确定综合权重,并由此结合各属性权重计算网络性能,选出最优网络。仿真结果表明该算法可以准确选择接入网络,并当用户在网络边缘做兵乓运动时有效减少切换次数。     

有理数相等的保密判定

安全多方计算是近年来国际密码学界研究的热点.数据相等保密判定是安全多方计算的一个基本问题,在指纹匹配和关键词搜索等现实问题中有广泛的应用,因此研究数据相等保密判定有重要的理论与实际意义.本文协议I利用Paillier加密算法高效实现了两个有理数相等的保密判定,协议II基于椭圆曲线同态加密算法安全高效计算多个有理数相等判定问题,并且最后给出了恶意模型下的有理数相等保密判定协议.     

基于同态加密的通信信息队列加密传输技术

为了提升通信信息传输的安全性,提出一种基于同态加密的通信信息队列加密传输技术。在通信信息传输之前,首先采用Paillier密码技术加密处理通信信息,实现对通信信息的同态加密,保证通信信息的安全性;然后基于通信信息队列传输特性,通过Producer端和Broker端实现通信信息队列的加密传输,提高现有网络环境下通信信息队列加密传输数据的处理能力。实验结果表明,所提技术能够为通信信息的安全访问与隐私保护提供支持,有效保障用户信息的安全性。     

基于CE3:k-means的协同过滤推荐模型研究

随着网络数据量的迅速增长,传统数据处理方式的推荐算法已经不能满足互联网发展的需求,为了追求推荐精确性与人性化,协同过滤算法以其更高的推荐满意率逐渐取代其他推荐算法。然而,协同过滤算法推荐的准确程度取决于用户或者物品相似度的计算,成员偏好的多元性使得用户相似度并不能很好的体现用户之间的关联程度。针对这一问题,将CE3:k-menas引入协同过滤推荐,借鉴其基本思想,以成员偏好为特征,根据成员与簇类中心的距离进行偏好划分,由于边界成员与簇类中心成员在一定程度上有着相似的偏好同时也存在较大的差异。因此,针对成员距离类簇中心的远近采取不同的偏好融合策略。实验结果表明,所提出的算法相比LM-CF,UCCF和UBCF算法在准确率、召回率和平均绝对误差上效果提升明显。     

基于布隆过滤器的轻量级隐私信息匹配方案

针对智能终端用户私有数据匹配中的隐私保护问题,基于布隆过滤器和二元向量内积协议,提出一种新的综合考虑用户属性及其偏好的轻量级隐私信息匹配方案,包括建立基于Dice相似性系数的二维向量相似度函数、设置参数、生成布隆过滤器、计算二元向量内积、计算相似度和确定匹配对象6个部分。该方案采用基于布隆过滤器的相似度估计和基于混淆方法的二元向量内积协议,在不依赖于可信第三方的前提下,大幅度降低计算开销,且能够有效抵御蛮力攻击和无限制输入攻击。实验结果表明,该方案与典型代表方案相比,计算效率得到明显提升。     

基于NTRU的多密钥同态代理重加密方案及其应用

为了提高同态加密算法在多用户云计算场景下的实用性,构造了一个基于NTRU的多密钥同态代理重加密方案。首先利用密文扩张思想提出了一种新的NTRU型多密钥同态密文形式,并基于此设计了相应的同态运算和重线性化过程,从而形成一个支持分布式解密的NTRU型多密钥同态加密方案;然后借助于密钥交换思想设计了重加密密钥和重加密过程,将代理重加密功能集成到该NTRU型多密钥同态加密方案中。所提方案保留了多密钥同态加密和代理重加密的特性,而且在用户端的计算开销较低。将所提方案应用于联邦学习中的隐私保护问题并进行了实验,结果表明,所提方案基本不影响联邦训练的准确率,加解密、同态运算和重加密等过程的计算开销也可接受。     

Secure and privacy-preserving DRM scheme using homomorphic encryption in cloud computing

Cloud computing provides a convenient way of content trading and sharing. In this paper, we propose a secure and privacy-preserving digital rights management （DRM） scheme using homomorphic encryption in cloud computing. We present an efficient digital rights management framework in cloud computing, which allows content provider to outsource encrypted contents to centralized content server and allows user to consume contents with the license issued by license server. Further, we provide a secure content key distribution scheme based on additive homomorphic probabilistic public key encryption and proxy re-encryption. The provided scheme prevents malicious employees of license server from issuing the license to unauthorized user. In addition, we achieve privacy preserving by allowing users to stay anonymous towards the key server and service provider. The analysis and comparison results indicate that the proposed scheme has high efficiency and security.     

面向“互联网+”的公有云数据安全

“互联网+”催生了许多新的经济形态与商业模式,公有云面临着严峻的安全挑战。研究了公有云数据安全问题,并提出了研究思路。首先,分析了同态加密的概念、加法同态加密与乘法同态加密的特点以及当前的研究成果和需要解决的难题。然后,根据乘法同态加密算法、散列表和相似性理论,提出了一种数据安全保护方案,并阐述了具体实现流程,采用欧氏距离检验公有云中加密数据的相似性与完整性。最后,理论分析了该方案的正确性与安全性。仿真实验验证了该方案的可行性与有效性。     

Access control scheme with attribute revocation for SWIM

Access control scheme is proposed for System Wide Information Management (SWIM) to address the problem of attribute revocation in practical applications. Based on the attribute based encryption (ABE), this scheme introduces the proxy re-encryption mechanism and key encrypting key (KEK) tree to realize fine-grained access control with attribute revocation. This paper defines the attributes according to the status quo of civil aviation. Compared with some other schemes proposed before, this scheme not only shortens the length of ciphertext (CT) and private key but also improves the efficiency of encryption and decryption. The scheme can resist collusion attacks and ensure the security of data in SWIM.     

EPMDA: an efficient privacy-preserving multi-dimensional data aggregation scheme for edge computing-based IoT system

In order to perform multi-dimensional data aggregation operations efficiently in edge computing-based Internet of things (IoT) systems, a new efficient privacy-preserving multi-dimensional data aggregation (EPMDA) scheme is proposed in this paper. EPMDA scheme is characterized by employing the homomorphic Paillier encryption and SM9 signature algorithm. To improve the computation efficiency of the Paillier encryption operation, EPMDA scheme generates a pre-computed modular exponentiation table of each dimensional data,and the Paillier encryption operation can be implemented by using only several modular multiplications. For the multi-dimensional data, the scheme concatenates zeros between two adjacent dimensional data to avoid data overflow in the sum operation of ciphertexts. To enhance security, EPMDA scheme sets random number at the high address of the exponent. Moreover, the scheme utilizes SM9 signature scheme to guarantee device authentication and data integrity. The performance evaluation and comparison show that EPMDA scheme is more efficient than the existing multi-dimensional data aggregation schemes.     

Privacy preserving friend discovery cross domain scheme using re-encryption in mobile social networks

In order to guarantee the users’ privacy in the process of making friends in the mobile social networks,a new scheme of proxy re-encryption privacy protection in the cross-domain environment was introduced.The scheme employed the cross-domain multi-authority to sharing secret keys,so as to realize the access and shave of the cross-domain users data.And the secret keys of users’ attributes were re-encrypted,based on the technology of the proxy re-encryption and attribute encryption,to achieve the friends matching under the conditions of extending the access policy.Meanwhile,in purpose of enhancing the privacy of users’ data,the technology which contained the separation of users’ privacy ciphertext and secret keys was adopted.Based on that,problems in the existing system such as user data’s inability to be shared cross-cloud,less matching during the process of making friends and users’ inability to make friends when offline had been addressed.Security and experimental analysis show that this scheme can achieve chosen plaintext attack (CPA) security,ensure the privacy of friend discovery,and that is more effective than existing solutions.     

云计算平台下基于属性加密的动态版权使用控制方案（英文）

In order to achieve fine-grained access control in cloud computing,existing digital rights management(DRM) schemes adopt attribute-based encryption as the main encryption primitive.However,these schemes suffer from inefficiency and cannot support dynamic updating of usage rights stored in the cloud.In this paper,we propose a novel DRM scheme with secure key management and dynamic usage control in cloud computing.We present a secure key management mechanism based on attribute-based encryption and proxy re-encryption.Only the users whose attributes satisfy the access policy of the encrypted content and who have effective usage rights can be able to recover the content encryption key and further decrypt the content.The attribute based mechanism allows the content provider to selectively provide fine-grained access control of contents among a set of users,and also enables the license server to implement immediate attribute and user revocation.Moreover,our scheme supports privacy-preserving dynamic usage control based on additive homomorphic encryption,which allows the license server in the cloud to update the users' usage rights dynamically without disclosing the plaintext.Extensive analytical results indicate that our proposed scheme is secure and efficient.     

基于雾计算的智能电表用户虚拟环隐私保护方案

作为智能电网的基础组件,智能电表(SMS)可以定期向电力公司报告用户的详细用电量数据。但是智能电表也带来了一些安全问题,比如用户隐私泄露。该文提出了一种基于虚拟环的隐私保护方案,可以提供用电数据和用户身份的隐私,使攻击者无法知道匹配电力数据与用户身份的关系。在所提方案中,智能电表可以利用其虚拟环成员身份对其真实身份进行匿名化,并利用非对称加密和Paillier同态系统对其获得的用电量数据生成密文数据;然后智能电表将密文数据发送给其连接的雾节点,雾节点定期采集其管理的智能电表的密文数据。同时,雾节点对这些智能电表的虚拟环身份进行验证,然后将收集到的密文数据聚合并发送给控制中心;最后控制中心对聚合后的密文进行解密,得到用电量数据。实验结果表明所提方案在计算和通信成本上具有一定的优势。     

机会网络中用户属性隐私安全的高效协作者资料匹配协议

在机会网络中,用户通过移动造成的相遇性机会,借助协作者实现消息的传输与内容的共享。为了克服现有协作者匹配协议加解密效率不高的问题,针对机会网络中用户的不同隐私要求,设计了3个不依赖同态加密的高效隐私内积计算协议,可以证明所提出的协议是隐私安全并且正确的。在此基础上,对所提出的3个协议的计算开销与通信开销,与现有工作进行了理论上的比较。仿真结果表明,所提协议能够高效地完成隐私安全匹配,其加解密时间要比基于Paillier加密体系的协议要少至少一个数量级。     

Privacy-preserving and efficient user matching based on attribute encryption in mobile social networks

With the rapid popularity of social networking platforms, users can be matched when sharing their profiles. However, there is a risk of leakage of sensitive user information during the user matching process, which leads to the lack of user privacy protection. In this paper, we propose a privacy protection scheme based on the encryption of hidden attributes during user matching in mobile social networks, which uses linear secret sharing scheme (LSSS) as the access structure based on ciphertext policy attribute-based encryption (CP-ABE), and the match server can perform friend recommendation by completing bi-directional attribute matching determination without disclosing user attribute information. In addition, the use of selective keywords protects the privacy of requesters and publishers in selecting keywords and selecting plaintext attacks. The scheme reduces the encryption and decryption overhead for users by dividing encryption into a preparation phase and an online phase and shifting most of the decryption overhead from the requester to the match server. The experimental results show that the scheme ensures user privacy while effectively reducing communication overhead.